
The Cluster service controls server cluster operations and manages the cluster database. A cluster is a collection of independent computers that act as a single computer. Managers, programmers, and users see the cluster as a single system. The software distributes data among the nodes of the cluster. If a node fails, other nodes provide the services and data that were formerly provided by the missing node. When a node is added or repaired, the cluster software migrates some data to that node.

System service name: ClusSvc

| Application | Protocol | Ports |
|---|---|---|
| Cluster Service | UDP | 3343 |
| Cluster Service | TCP | 3343 (This port is required during a node join operation.) |
| RPC | TCP | 135 |
| Cluster Administrator | UDP | 137 |
| Randomly allocated high UDP ports¹ | UDP | Random port number between 1024 and 65535; random port number between 49152 and 65535² |

Note: Additionally, for successful validation on Windows Failover Clusters on 2008 and above, allow inbound and outbound traffic for ICMP4, ICMP6, and port 445/TCP for SMB.

¹ For more information about how to customize these ports, see "Remote Procedure Calls and DCOM" in the "References" section.
² This is the range in Windows Server 2012, Windows 8, Windows Server 2008 R2, Windows 7, Windows Server 2008, and Windows Vista.

And the file share witness should be the same as a file share: use TCP 139/445 and UDP 137/138.

Best Regards
Cartman
Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com
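The port table above translates directly into a firewall rule set. The following PowerShell is an added example, not part of the original reply or a Microsoft-provided script: it creates inbound rules for each listed port, scoped to the Domain profile and to the other cluster nodes' addresses (the node IPs and the rule group name are constructed placeholders), then lists every inbound cluster rule with its profile and remote-address scope so an over-broad rule (any profile, any address) is easy to spot. The `'*Failover Cluster*'` display-group match for the built-in rules is an assumption about the group name on your build.

```powershell
# Added example (not from the original post). Run elevated on each cluster node.
$ClusterNodes = @('10.0.0.11', '10.0.0.12', '10.0.0.13')   # constructed placeholders; replace with your node IPs
$Group        = 'Failover Cluster (custom)'                # assumed group name for the rules created here

# Port matrix from the table in the reply above. The dynamic range used is the
# Windows Vista / Server 2008 and later range from footnote 2.
$Rules = @(
    @{ Name = 'Cluster Service (UDP 3343)';        Protocol = 'UDP'; LocalPort = '3343' },
    @{ Name = 'Cluster Service (TCP 3343, join)';  Protocol = 'TCP'; LocalPort = '3343' },
    @{ Name = 'RPC endpoint mapper (TCP 135)';     Protocol = 'TCP'; LocalPort = '135' },
    @{ Name = 'Cluster Administrator (UDP 137)';   Protocol = 'UDP'; LocalPort = '137' },
    @{ Name = 'SMB for cluster validation (TCP 445)'; Protocol = 'TCP'; LocalPort = '445' },
    @{ Name = 'Dynamic high UDP ports';            Protocol = 'UDP'; LocalPort = '49152-65535' }
)

foreach ($r in $Rules) {
    # Domain profile only, and only from the other cluster nodes.
    New-NetFirewallRule -DisplayName $r.Name -Group $Group `
        -Direction Inbound -Action Allow -Profile Domain `
        -Protocol $r.Protocol -LocalPort $r.LocalPort `
        -RemoteAddress $ClusterNodes | Out-Null
}

# ICMPv4/ICMPv6 for the validation wizard (see the note above); ICMP has no port,
# so the rule is expressed with -IcmpType instead of -LocalPort.
foreach ($icmp in 'ICMPv4', 'ICMPv6') {
    New-NetFirewallRule -DisplayName "Cluster validation ($icmp)" -Group $Group `
        -Direction Inbound -Action Allow -Profile Domain `
        -Protocol $icmp -IcmpType Any -RemoteAddress $ClusterNodes | Out-Null
}

# Audit: show our rules and the built-in cluster rules side by side. A row with
# Profile = Any and Remote = Any is the over-broad case worth reviewing.
Get-NetFirewallRule -Direction Inbound |
    Where-Object { $_.Group -eq $Group -or $_.DisplayGroup -like '*Failover Cluster*' } |
    ForEach-Object {
        $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        $port = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule      = $_.DisplayName
            Enabled   = $_.Enabled
            Profile   = $_.Profile
            Protocol  = $port.Protocol
            LocalPort = ($port.LocalPort -join ',')
            Remote    = $addr
        }
    } | Format-Table -AutoSize
```

The audit listing at the end is the part to keep running after changes: it reads the address and port filters behind each rule rather than the rule's display name, so a rule that was later widened by hand still shows its real scope.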

Hi, thank you for the info! This is very helpful. I have taken over a cluster that was already in place and notice that the inbound rules from the cluster show allow for all profiles. Should I limit the Failover Cluster rules to just the Domain? FYI this is not in a DMZ, and should only be accessed internally.